Find notable cyber news and cases, enriched with sources, timelines, and signals.

NoVoice Android malware hidden in Google Play apps

Malware Activity
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

NoVoice Android malware was found hidden in more than 50 Google Play apps, exposing at least 2.3 million downloads to compromise. After installation, it used old Android vulnerabilities to seek root access, disable SELinux, and install a persistent rootkit. The malware also polled a C2 server and gathered device details to choose exploit components. Its post-compromise payload targeted WhatsApp session data, creating risk of account cloning and broader device compromise.

Related Happenings

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
H score16 First: 03.06.2026 22:11 Last: 03.06.2026 22:11 Sources 1

About this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...

Google rolls out Android Intrusion Logging in Android Advanced Protection Mode

Security Tool/Service
H score10 First: 14.05.2026 16:30 Last: 14.05.2026 16:30 Sources 1

About this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...

Android Intrusion Logging forensic logging rollout for spyware investigations

Security Tool/Service
H score11 First: 13.05.2026 09:55 Last: 13.05.2026 09:55 Sources 1

About this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

PromptSpy backdoor for Android with Gemini API automation

Malware Activity
H score22 First: 11.05.2026 16:02 Last: 11.05.2026 16:02 Sources 1

About this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...

Timeline

  1. 01.04.2026 21:07 2 articles · 3mo ago

    NoVoice found hidden in Google Play apps

    Initial Disclosure

    McAfee identified the NoVoice Android malware family hidden in more than 50 Google Play apps, with at least 2.3 million downloads, and said the operation shared similarities with the Triada Android trojan while not being tied to a specific threat actor. The malicious apps provided their promised functionality, used no suspicious permissions, and were later removed from Google Play after McAfee reported them to Google.

    Show sources